Results 1 to 4 of 4

Thread: Very Slow System

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    5

    Default

    The best I can determine, something is using svchost.exe up to as high as 400,000. When I kill the process it speeds up. Sometimes without any noticeable visible difference. At other times it impacts visual as well as operational effects.

    Here is the DDS txt file...

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Claptop at 18:05:59 on 2011-12-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.958.257 [GMT -5:00]
    .
    AV: CA Anti-Virus Plus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
    SP: CA Anti-Virus Plus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: CA Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
    C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
    C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\CA\CA Internet Security Suite\casc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Claptop\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Claptop\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Claptop\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Users\Claptop\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\Claptop\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SndVol.exe
    C:\Users\Claptop\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Verizon Media Manager] c:\program files\verizon\verizon media manager\release\Verizon Media Manager.exe 0
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [VetStart] "c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe" -r
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\VetRedir.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} - hxxp://mvod.web.aol.com/mce/new/ServiceMgr.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.opentopia.com/support/activex/AxisCamControl.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://24.229.36.243/activex/AMC.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{140E7353-3F0D-4C9F-8456-787077EA68D8} : DhcpNameServer = 10.61.32.1 1.1.1.1
    TCP: Interfaces\{43C96213-3886-49C5-831D-3F25D170288E} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: UmxSbxExw.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-5-10 164944]
    R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-4-24 107088]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-3-23 83536]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-3-23 63056]
    R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2011-5-2 66128]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-5-12 152656]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-2-24 82000]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-5-12 331344]
    S3 2892;2892;c:\windows\system32\drivers\2892 [2011-5-23 9072]
    S3 2923;2923;c:\windows\system32\drivers\2923 [2011-2-23 9072]
    S3 31296;31296;c:\windows\system32\drivers\31296 [2011-9-12 9072]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-17 39272]
    S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [2008-5-22 39048]
    .
    =============== Created Last 30 ================
    .
    2011-12-18 21:02:25 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e6794e24-43ed-44d9-b14a-35c42cb27164}\offreg.dll
    2011-12-18 20:34:01 -------- d-----w- C:\1822d1b9ba596e1e9a
    2011-12-18 20:31:18 -------- d-----w- c:\windows\CheckSur
    2011-12-16 10:31:42 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e6794e24-43ed-44d9-b14a-35c42cb27164}\mpengine.dll
    2011-12-15 21:16:41 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 21:16:38 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 21:16:35 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-15 21:16:30 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 21:16:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 19:06:28 -------- d-----w- c:\program files\iPod
    2011-12-15 19:06:03 -------- d-----w- c:\program files\iTunes
    2011-12-12 21:50:57 -------- d-----w- c:\users\claptop\appdata\roaming\RealNetworks
    2011-12-12 14:50:36 -------- d-----w- c:\users\claptop\appdata\local\Real
    2011-12-12 14:49:15 -------- d-----w- c:\program files\common files\xing shared
    2011-12-12 14:45:27 -------- d-----w- c:\program files\The Weather Channel FW
    2011-12-12 14:44:48 -------- d-----w- c:\users\claptop\appdata\local\The Weather Channel
    2011-11-24 15:35:53 -------- d-----w- c:\users\claptop\appdata\local\Programs
    2011-11-23 01:34:45 -------- d-----w- C:\Binaries
    2011-11-23 01:34:44 -------- d-----w- c:\program files\common files\MSSoap
    2011-11-23 01:34:16 -------- d-----w- c:\program files\Motorola Media Link
    2011-11-23 01:31:08 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
    .
    ==================== Find3M ====================
    .
    2011-12-12 14:48:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 18:11:35.10 ===============

    attach.zip is attached.

    Thanks,
    Rick

    I just realized that I did not have the large svchost.exe running when I ran these reports. Is it necessary that I resend this info during the next instance of the issue?
    Last edited by tashi; 2011-12-19 at 04:35. Reason: Merged two posts as per forum FAQ, please don't add. ;-) Removed duplicate log.

  2. #2
    Junior Member
    Join Date
    Jan 2011
    Posts
    5

    Default Very slow follow up

    Is the posted info sufficient for evaluation?
    Thanks,
    Rick

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Posts
    5

    Default Is this

    Quote Originally Posted by avrick51 View Post
    Is the posted info sufficient for evaluation?
    Thanks,
    Rick
    Is this issue still active for resolution or guidance as to how to proceed?
    Thanks,
    Rick

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,476

    Default

    Hello avrick51,

    At the bottom of your original post,
    Last edited by tashi; Dec 18th, 2011. Reason: Merged two posts as per forum FAQ, please don't add. ;-)

    From the forum FAQ,
    Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count, they look for topics with a 0 response. For that reason we may merge such posts but please do not count on it.


    Also,
    The Waiting Room: Post here if waiting for help four days

    Best regards,
    Last edited by tashi; 2012-01-14 at 01:35. Reason: Date of archive
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •